rails_kms_credentials 0.2.1 → 0.3.0

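--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 532e8e95ed3635abe5c43507b35822004aba639aa7e54c6288e2d7c67c206c9b
- data.tar.gz: 30bd1527ede5fd129a31941a5252b98196ce1b12c997f10576c29c83ed583b9d
+ metadata.gz: c0273094dabd151a67eb56db4f3211b88264a2cce57ca9ab1877cffc7b4ad691
+ data.tar.gz: 151cdc9835b37d4d6207af37cec2ac926ec31165790e91d1d8ad8a4a93bff334
  SHA512:
- metadata.gz: 9b76e471786e5ac4d9ab8e1017e23916fcd469f1144e5352e72d25e644cc9e646bd8e7823b7629254723f11c30a60fba819e402d1405079033e3f26338c6bbe1
- data.tar.gz: 616d9251fb153f967579886457d0370651a17425e693cb31af31c9966f1bb9a88713036bf455ca120095b6ace6ad84f2f72b3d0457b13a253a654d3685a3873f
+ metadata.gz: 6957d12ad6e5d28458248dac4ccec8b49a568237d9fcdf954341b486e190d78febdee246ddf7b70371ec7c87d4883afc7edc282a44ed5e301ad7db0c735d9d2e
+ data.tar.gz: 38bebac72a46d229b0b000c559863d901f2b2be1dd3e0d4ce9de1c3ec73b4de39db976aa6bf4284e65a592c393e1ce90e8619ddcebd43ab440ca465e641d252b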
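--- a/lib/rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity.rb
+++ b/lib/rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity.rb
@@ -0,0 +1,77 @@
+ # frozen_string_literal: true
+
+ module RailsKmsCredentials
+ module Store
+ module AzureKeyVault
+ module Client
+ class AksWorkloadIdentity < Base
+ ENV_AUTHORITY_HOST = 'AZURE_AUTHORITY_HOST'
+ ENV_CLIENT_ID = 'AZURE_CLIENT_ID'
+ ENV_FEDERATED_TOKEN_FILE = 'AZURE_FEDERATED_TOKEN_FILE'
+ ENV_TENANT_ID = 'AZURE_TENANT_ID'
+
+
+ attr_reader :authority_host, :client_id, :federated_token_file, :tenant_id
+
+ def initialize(*)
+ super
+ @authority_host = ENV[ENV_AUTHORITY_HOST]
+ raise 'Missing KmsCredentials AzureKeyVault AksWorkloadIdentity authority_host' if authority_host.blank?
+ @client_id = ENV[ENV_CLIENT_ID]
+ raise 'Missing KmsCredentials AzureKeyVault AksWorkloadIdentity client_id' if @client_id.blank?
+ @federated_token_file = ENV[ENV_FEDERATED_TOKEN_FILE]
+ raise 'Missing KmsCredentials AzureKeyVault AksWorkloadIdentity federated_token_file' if @federated_token_file.blank?
+ raise "Missing KmsCredentials AzureKeyVault AksWorkloadIdentity federated_token_file does not exist: `#{@federated_token_file}`" unless File.exist?(@federated_token_file)
+ @tenant_id = ENV[ENV_TENANT_ID]
+ raise 'Missing KmsCredentials AzureKeyVault AksWorkloadIdentity tenant_id' if @tenant_id.blank?
+ end
+
+ def get_secrets_list(url)
+ HTTParty.get(
+ url,
+ headers: {
+ Authorization: "Bearer #{access_token}",
+ },
+ )
+ end
+
+ def get_secret(url)
+ HTTParty.get(
+ url,
+ headers: {
+ Authorization: "Bearer #{access_token}",
+ },
+ )
+ end
+
+ private
+
+ def client_secret
+ @client_secret ||= File.read(@federated_token_file)
+ end
+
+ def access_token
+ return @access_token if instance_variable_defined?(:@access_token)
+ @_access_token_response = HTTParty.post(
+ "#{authority_host}/#{tenant_id}/oauth2/v2.0/token",
+ {
+ body: {
+ client_id: client_id,
+ client_secret: client_secret,
+ scope: 'https://vault.azure.net/.default',
+ grant_type: 'client_credentials',
+ }
+ }
+ )
+ raise 'KmsCredentials AzureKeyVault AksWorkloadIdentity unable to get access token' unless @_access_token_response.ok?
+ @access_token = @_access_token_response['access_token']
+ end
+
+ end
+
+ add(:aks_workload_identity, AksWorkloadIdentity)
+
+ end
+ end
+ end
+ end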
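Review bot: In `access_token`, the projected service-account token read from `AZURE_FEDERATED_TOKEN_FILE` is posted as `client_secret`, but the Microsoft identity platform takes a federated credential as a client assertion, so this request is likely to be rejected instead of being exchanged for a Key Vault token. The body should carry `client_assertion: client_secret,` and `client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',` in place of the `client_secret:` entry. Separately, `@client_secret ||= File.read(@federated_token_file)` and the cached `@access_token` are never refreshed, while the projected token file is rotated and access tokens expire, so a long-lived client instance would presumably start failing; re-reading the file on each token request and honouring `expires_in` from the response would avoid that. It is also worth checking in `initialize` that `authority_host` is an `https://` URL before the assertion is posted to it, since the value comes straight from the environment.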
@@ -25,5 +25,6 @@ module RailsKmsCredentials
25
25
  end
26
26
 
27
27
  require 'rails_kms_credentials/store/azure_key_vault/client/base'
28
+ require 'rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity'
28
29
  require 'rails_kms_credentials/store/azure_key_vault/client/client_credentials'
29
30
  require 'rails_kms_credentials/store/azure_key_vault/client/managed_identity'
@@ -4,8 +4,8 @@ module RailsKmsCredentials
4
4
 
5
5
  module Version
6
6
  MAJOR = 0
7
- MINOR = 2
8
- PATCH = 1
7
+ MINOR = 3
8
+ PATCH = 0
9
9
 
10
10
  end
11
11
 
@@ -30,5 +30,5 @@ Gem::Specification.new do |s|
30
30
  s.add_dependency('activesupport', '>= 5.0.0')
31
31
  s.add_dependency('railties', '>= 5.0.0')
32
32
 
33
- s.add_dependency('httparty', '~> 0.17.0')
33
+ s.add_dependency('httparty', '~> 0.21.0')
34
34
  end
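--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rails_kms_credentials
  version: !ruby/object:Gem::Version
- version: 0.2.1
+ version: 0.3.0
  platform: ruby
  authors:
  - Taylor Yelverton
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-11-18 00:00:00.000000000 Z
+ date: 2023-02-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -44,14 +44,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.17.0
+ version: 0.21.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.17.0
+ version: 0.21.0
  description: Add support for different credentials for different kmss to Rails
  email: rubygems@yelvert.io
  executables: []
@@ -67,6 +67,7 @@ files:
  - lib/rails_kms_credentials/store.rb
  - lib/rails_kms_credentials/store/azure_key_vault.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client.rb
+ - lib/rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client/base.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client/client_credentials.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client/managed_identity.rb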